Hotspot Shield VPN featured

AnchorFree owned VPN service provider Hotspot Shield has encountered a bug that can leak user’s information to hackers. The company has been quick to acknowledge the flaw in their VPN service. This vulnerability puts the user’s location and other data at risk.

Hotspot Shield, which enjoys a user base of 500 million users globally, has encountered this bug that was first discovered by Paulos Yibelo, a web application security researcher and penetration tester. AnchorFree has acknowledged the bug and have ensured that a quick fix to the situation will be delivered. Here are the details of the matter.

Hotspot Shield VPN vulnerable to data leaks

Hotspot Shield VPN

For the uninitiated, a VPN or Virtual Private Network is a service that allows you to keep your identity and other credentials secured and secret while browsing the internet. It is always more secure to browse the web using a VPN and Hotspot Shield is one such service, which is currently being used by over 500 million people around the world.

Recently, a web application security and research penetration tester, Paulos Yibelo discovered a bug in the VPN, using which “an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.”

The National vulnerability database of USA has listed the vulnerability as CVE-2018-6460. According to Paulos, the bug exposes data about the machine from which internet is being accessed, compromising location and other basic credentials of the user. AnchorFree, the parent company of Hotspot Shield was aware of the issue since December but they did not address it at that time.

However, the company has assured that they encrypt all the user data including passwords and other credentials and will soon introduce an update to fix the bug. You can get Hotspot Shield extension for Google Chrome here.

SHARE
An avid reader, writer, and motorcyclist, Manik is intrigued by the ever evolving tech ecosystem. Manik is responsible to take care of what’s happening in the Indian smartphones market and update the website readers accordingly through his detailed coverage on any given topic. In his free-time, you’ll find him fine-tuning his Bike or exploring the web for something new.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.